[bug#29765] [PATCH 0/3] Check mapped devices upon 'init' and 'reconfigure'

[bug#29765] [PATCH 0/3] Check mapped devices upon 'init' and 'reconfigure'

[Ludovic Courtès]

Hi!

On IRC somebody reported a GuixSD misconfiguration: the person used the
desktop example, which has a LUKS root partition, but did not actually
create the root partition as LUKS.  As a result, the installed system
would not boot.

‘guix system init/reconfigure’ verifies file system labels and UUIDs
but in this case this is clearly insufficient.

This patch series addresses this by reporting LUKS UUIDs that could not
be found.

Ludo’.

Ludovic Courtès (3):
  mapped-devices: Add 'location' and 'check' fields.
  mapped-devices: 'luks-device-mapping' checks its source device.
  guix system: Check mapped devices upon 'init' and 'reconfigure'.

 gnu/system/mapped-devices.scm | 34 +++++++++++++++++++++++++++++++---
 guix/scripts/system.scm       | 24 +++++++++++++++++++++---
 2 files changed, 52 insertions(+), 6 deletions(-)

-- 
2.15.1

[bug#29765] [PATCH 1/3] mapped-devices: Add 'location' and 'check' fields.

[Ludovic Courtès]

* gnu/system/mapped-devices.scm (<mapped-device>)[location]: New field.
(<mapped-device-type>)[check]: New field.
---
 gnu/system/mapped-devices.scm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 17cf6b716..06178ad32 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -34,11 +34,13 @@
             mapped-device-source
             mapped-device-target
             mapped-device-type
+            mapped-device-location
 
             mapped-device-kind
             mapped-device-kind?
             mapped-device-kind-open
             mapped-device-kind-close
+            mapped-device-kind-check
 
             device-mapping-service-type
             device-mapping-service
@@ -58,14 +60,18 @@
   mapped-device?
   (source    mapped-device-source)                ;string | list of strings
   (target    mapped-device-target)                ;string
-  (type      mapped-device-type))                 ;<mapped-device-kind>
+  (type      mapped-device-type)                  ;<mapped-device-kind>
+  (location  mapped-device-location
+             (default (current-source-location)) (innate)))
 
 (define-record-type* <mapped-device-type> mapped-device-kind
   make-mapped-device-kind
   mapped-device-kind?
   (open      mapped-device-kind-open)             ;source target -> gexp
   (close     mapped-device-kind-close             ;source target -> gexp
-             (default (const #~(const #f)))))
+             (default (const #~(const #f))))
+  (check     mapped-device-kind-check             ;source -> Boolean
+             (default (const #t))))
 
 \f
 ;;;
-- 
2.15.1

[bug#29765] [PATCH 2/3] mapped-devices: 'luks-device-mapping' checks its source device.

[Ludovic Courtès]

* gnu/system/mapped-devices.scm (check-luks-device): New procedure.
(luks-device-mapping)[check]: New field.
---
 gnu/system/mapped-devices.scm | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 06178ad32..dbeb0d343 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -22,12 +22,19 @@
   #:use-module (guix gexp)
   #:use-module (guix records)
   #:use-module (guix modules)
+  #:use-module (guix i18n)
+  #:use-module ((guix utils)
+                #:select (source-properties->location
+                          &error-location))
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system uuid)
+  #:autoload   (gnu build file-systems) (find-partition-by-luks-uuid)
   #:autoload   (gnu packages cryptsetup) (cryptsetup-static)
   #:autoload   (gnu packages linux) (mdadm-static)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-34)
+  #:use-module (srfi srfi-35)
   #:use-module (ice-9 match)
   #:export (mapped-device
             mapped-device?
@@ -144,11 +151,26 @@
   #~(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup")
                     "close" #$target)))
 
+(define (check-luks-device md)
+  "Ensure the source of MD is valid."
+  (let ((source (mapped-device-source md)))
+    (or (not (uuid? source))
+        (not (zero? (getuid)))
+        (find-partition-by-luks-uuid (uuid-bytevector source))
+        (raise (condition
+                (&message
+                 (message (format #f (G_ "no LUKS partition with UUID '~a'")
+                                  (uuid->string source))))
+                (&error-location
+                 (location (source-properties->location
+                            (mapped-device-location md)))))))))
+
 (define luks-device-mapping
   ;; The type of LUKS mapped devices.
   (mapped-device-kind
    (open open-luks-device)
-   (close close-luks-device)))
+   (close close-luks-device)
+   (check check-luks-device)))
 
 (define (open-raid-device sources target)
   "Return a gexp that assembles SOURCES (a list of devices) to the RAID device
-- 
2.15.1

[bug#29765] [PATCH 3/3] guix system: Check mapped devices upon 'init' and 'reconfigure'.

[Ludovic Courtès]

* guix/scripts/system.scm (check-mapped-devices): New procedure.
(perform-action): Add call to 'check-mapped-devices'.
---
 guix/scripts/system.scm | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm
index 36aed3331..ebcf3e4f3 100644
--- a/guix/scripts/system.scm
+++ b/guix/scripts/system.scm
@@ -44,6 +44,7 @@
   #:use-module (gnu system)
   #:use-module (gnu bootloader)
   #:use-module (gnu system file-systems)
+  #:use-module (gnu system mapped-devices)
   #:use-module (gnu system linux-container)
   #:use-module (gnu system uuid)
   #:use-module (gnu system vm)
@@ -621,6 +622,22 @@ any, are available.  Raise an error if they're not."
       ;; Better be safe than sorry.
       (exit 1))))
 
+(define (check-mapped-devices mapped-devices)
+  "Check that each of MAPPED-DEVICES is valid according to the 'check'
+procedure of its type."
+  (for-each (lambda (md)
+              (let ((check (mapped-device-kind-check
+                            (mapped-device-type md))))
+                ;; We expect CHECK to raise an exception with a detailed
+                ;; '&message' if something goes wrong, but handle the case
+                ;; where it just returns #f.
+                (unless (check md)
+                  (leave (G_ "~a: invalid '~a' mapped device~%")
+                         (location->string
+                          (source-properties->location
+                           (mapped-device-location md)))))))
+            mapped-devices))
+
 \f
 ;;;
 ;;; Action.
@@ -710,9 +727,10 @@ output when building a system derivation, such as a disk image."
   ;; Check whether the declared file systems exist.  This is better than
   ;; instantiating a broken configuration.  Assume that we can only check if
   ;; running as root.
-  (when (and (memq action '(init reconfigure))
-             (zero? (getuid)))
-    (check-file-system-availability (operating-system-file-systems os)))
+  (when (memq action '(init reconfigure))
+    (when (zero? (getuid))
+      (check-file-system-availability (operating-system-file-systems os)))
+    (check-mapped-devices (operating-system-mapped-devices os)))
 
   (mlet* %store-monad
       ((sys       (system-derivation-for-action os action
-- 
2.15.1

bug#29765: [PATCH 0/3] Check mapped devices upon 'init' and 'reconfigure'

[Ludovic Courtès]

Ludovic Courtès <ludo@gnu.org> skribis:

> On IRC somebody reported a GuixSD misconfiguration: the person used the
> desktop example, which has a LUKS root partition, but did not actually
> create the root partition as LUKS.  As a result, the installed system
> would not boot.
>
> ‘guix system init/reconfigure’ verifies file system labels and UUIDs
> but in this case this is clearly insufficient.
>
> This patch series addresses this by reporting LUKS UUIDs that could not
> be found.

Pushed!

Note that this changes the ABI of (gnu system mapped-devices) so you may
need to “make clean-go && make”!

Thanks,
Ludo’.